When applying changes to your
azurerm_network_watcher_flow_log resource and you come across this error:
provider "provider[\"registry.terraform.io/hashicorp/azurerm\"]" produced an
unexpected new value: Root resource was present, but now absent.
This is a bug in the provider, which should be reported in the provider's own
Error: A resource with the ID "/subscriptions/<id>/resourceGroups/<RG name>/providers/
Microsoft.Network/<network name>/NetworkWatcher_usgovvirginia/flowLogs/<flow logs name>"
already exists - to be managed via Terraform this resource needs to be imported into
the State. Please see the resource documentation for "azurerm_network_watcher_flow_log"
for more information.
This is an eventual consistency problem where the call to create the resource gets sent to Azure but the provider doesn't see that the resource hasn't finished creating yet.
You can find that described in the GitHub issue in the provider's repo here: https://github.com/hashicorp/terraform-provider-azurerm/issues/9395
Overview of possible solutions
Pending the time the issue is fixed, the workarounds are to:
- Increase the creation timeout of the
azurerm_network_watcher_flow_logresource [a] OR
- Use a sleep function (example here [b]) to give the resource time to finish creating.